About

avatar

Lays

mailMailtwitterTwittermastodonMastodongithubGitHublinkedinLinkedin
Shih-Fong Peng, aka Lays

Co-Founder and Researcher of TRAPA Security
Focusing on Vulnerability Research and Reverse Engineering.

  • Samsung Mobile Security Hall of Fame 2020
  • MSRC 2020 Most Valuable Security Researchers
  • MSRC 2019 Most Valuable Security Researchers

Security Advisories

CVEVendorVulnerability
CVE-2024-36304Trend MicroTrend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Vulnerability
CVE-2024-36303Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-6764ZyxelZyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-6399ZyxelZyxel Firewall Post-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-6398ZyxelZyxel Firewall Post-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-6397ZyxelZyxel Firewall Remote Kernel DoS Vulnerability
CVE-2023-52093Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-35635MicrosoftWindows Kernel Denial of Service Vulnerability
CVE-2023-4398ZyxelZyxel Firewall Pre-Authentication DoS Vulnerability
CVE-2023-47201Trend MicroTrend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47200Trend MicroTrend Micro Apex One Security Agent Plug-in Manager Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47198Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47197Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47196Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47195Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47194Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47193Trend MicroTrend Micro Apex One Security Agent Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2023-47192Trend MicroTrend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
CVE-2023-2910ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-3697ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Creation Vulnerability
CVE-2023-3698ASUSTORASUSTOR Data Master (ADM) Pre-Authentication Arbitrary File Deletion Vulnerability
CVE-2023-34148Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34147Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34146Trend MicroTrend Micro Apex One Security Agent Exposed Dangerous Function Local Privilege Escalation Vulnerability
CVE-2023-34145Trend MicroTrend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
CVE-2023-34144Trend MicroTrend Micro Apex One Security Agent Untrusted Search Path Local Privilege Escalation Vulnerability
CVE-2023-33012ZyxelZyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-33011ZyxelZyxel Firewall Pre-Authentication Format String Remote Code Execution Vulnerability
CVE-2023-33010ZyxelZyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-33009ZyxelZyxel Firewall Pre-Authentication Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-32555Trend MicroTrend Micro Apex One Security Agent Time-of-Check Time-of-Use LPE Vulnerability
CVE-2023-28771ZyxelZyxel Firewall Pre-Authentication Command Injection Remote Code Execution Vulnerability
CVE-2023-25146Trend MicroTrend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
CVE-2022-44653Trend MicroTrend Micro Apex One Security Agent Directory Traversal Local Privilege Escalation Vulnerability
CVE-2022-41747Trend MicroTrend Micro Apex One Security Agent Improper Certification Validation Local Privilege Escalation Vulnerability
CVE-2022-30700Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2022-4920GoogleHeap buffer overflow in Blink in Google Chrome
CVE-2021-45441Trend MicroTrend Micro Apex One Origin Validation Error Local Privilege Escalation Vulnerability
CVE-2021-42011Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2021-31937MicrosoftMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2021-28645Trend MicroTrend Micro Apex One Incorrect Permission Assignment Privilege Escalation Vulnerability
CVE-2021-25253Trend MicroTrend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
CVE-2020-28940Western DigitalWestern Digital MyCloud PR4100 nasAdmin Authentication Bypass Vulnerability
CVE-2020-11600SamsungSVE-2019-16587, SVE-2019-16588, SVE-2019-16589: Arbitrary code execution in Fingerprint Trustlet
CVE-2020-1421MicrosoftLNK Remote Code Execution Vulnerability
CVE-2020-0729MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-1406MicrosoftJet Database Engine Remote Code Execution Vulnerability
CVE-2019-1280MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-1188MicrosoftLNK Remote Code Execution Vulnerability
CVE-2019-0974MicrosoftJet Database Engine Remote Code Execution Vulnerability
CVE-2017-18739NETGEARPre-Authentication Remote Code Execution
CVE-2017-16774SynologySynology DiskStation Manager XSS